Microsegmentation can greatly increase security in a data center network by dividing the data center into smaller, protected zones and isolating the traffic associated with each zone. For example, administrators can firewall traffic traveling from one segment of the data center to another (east-west traffic). This consequently limits an attacker's ability to move laterally in the data center. Moreover, security services can be provisioned not only at the perimeter of a network segment but also between application tiers and even between devices within tiers. With such fine granularity of control, microsegmentation can allow a network breach to be contained within a small fault domain, protecting the integrity of the rest of the data center.
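The following is an added illustration, not code from the original text: a default-deny east-west policy evaluator in which each application is a zone, each tier a subnet, and flows between tiers (and between devices within a tier) must match an explicit allow-list entry. The segment labels, subnets and ports are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str   # segment label in the form "zone:tier"
    dst: str
    port: int

# Constructed segment map: each zone is an application, each tier a subnet.
SEGMENTS = {
    "app1:web": ip_network("10.1.1.0/24"),
    "app1:app": ip_network("10.1.2.0/24"),
    "app1:db":  ip_network("10.1.3.0/24"),
    "app2:web": ip_network("10.2.1.0/24"),
}

# Allow-list of east-west flows; anything not listed is dropped (default deny).
ALLOW = {
    Rule("app1:web", "app1:app", 8080),   # web tier -> app tier
    Rule("app1:app", "app1:db", 5432),    # app tier -> database tier
    Rule("app1:db", "app1:db", 5432),     # replication between db hosts only
}

def segment_of(ip: str):
    """Return the segment label owning ip, or None if the host is unmanaged."""
    addr = ip_address(ip)
    for label, net in SEGMENTS.items():
        if addr in net:
            return label
    return None

def permitted(src_ip: str, dst_ip: str, port: int) -> bool:
    """Decide whether a flow may cross the segment boundary it touches."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False                       # unknown endpoints never pass
    # Intra-tier flows (src == dst) are evaluated like any other: no rule, no flow.
    return Rule(src, dst, port) in ALLOW

def blocked_flows(flows):
    """Given (src, dst, port) records, return those the policy would drop."""
    return [f for f in flows if not permitted(*f)]
```

A web host reaching the database tier directly, or a host in one application zone reaching another zone's app tier, fails the lookup and is dropped, which is the lateral-movement containment the paragraph describes.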
A modern data center may deploy different software-defined networking (SDN) solutions, such as CISCO APPLICATION CENTRIC INFRASTRUCTURE (ACI) and VMWARE NSX. The data center may also deploy different kinds of hosts or hypervisors, such as VMWARE ESX/ESXI, WINDOWS HYPER-V, and bare-metal physical hosts. Unfortunately, many of these hypervisors, servers, and SDN platforms do not adequately interoperate. As a result, microsegmentation in heterogeneous data centers is greatly limited.